stackoom
  简体   繁体   中英

mysqli_query($conn, $sql) or $conn->query($sql)

 原文  2017-02-05 09:47:25       php/ security/ oop/ mysqli/ procedural

Question

I am new to web Development, I am currently not using any frameworks.

Till now, I was using mysqli_query($conn, $sql) to send a query to the MySQL server.

Recently I read another technique which use $conn - > query($sql) .

I know that $conn->query($sql) is the OOP way of sending query and mysqli_query($conn, $sql) is the procedural method.

I haven't learned Object Oriented PHP yet However, I am going to learn it soon before moving onto a framework.

Could someone tell me the advantages of using $conn->query($sql) over the mysqli_query($conn, $sql) ? Is it more secure? Is there something else to it?

I know OOP is better than Procedural, but I'd like to know the main advantages, from the point of Security(mainly)!

2 answers

solution1
 2 ACCPTED  2017-02-05 10:31:34

Neither.

Three points to get it straight:

  1. There is noting much to "learn". The object syntax is as silly as it seems: just an arrow to access a method or a property. Surely you already go it.

  2. Second option just gets you less typing :

     mysqli_query($mysqli, $query); vs. $mysqli->query($query);
  3. Either way you should be using PDO, not mysqli

I know OOP is better than Procedural

This is just irrelevant here. Do not confuse Object Oriented Programming with object syntax. The former is a very complex topic, which takes years to learn and you are not nearly going to get it soon. While object syntax is just a syntax - no more no less. Nothing too complicated to worry about, nor any dramatical benefits either

solution2
 -1  2017-02-05 10:02:39

"OOP is better than Procedural Programming" - I'd say it depends. If we're talking about performance then yes OOP is efficient and more organized than Procedural Programming. If you're building a large complex project then OOP is the way to go. However if we're talking about security then Procedural Programming method is as secure as OOP method. Especially if you're using PDO. When you use PDO, you use named placeholders instead of passing variables directly into the Query which helps prevent attacks such as SQL Injection. And if you use PDO, you don't need to sanitize your inputs by yourself (eliminating extra coding) because PDO takes care of that.

I'd recommend you start learning with PDO because it follows Obejct Oriented Programming styles so if you start with it, you'll already be one step ahead when you start writing code in OOPHP. Hope that helps.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Does the `$result = mysqli_query($conn, $sql);` query out all the user data on time? can a result of $conn->query(…) be not null with 0 records Multiple for-loops from one $result = $conn->query($query) SQL: mysqli_query, no output Remove db $conn from MYSQLI query What is the wrong with SQL multi queries in mysqli_query() mysqli_query($conn, “UPDATE member_db SET 'Fine_Amt'=('Fine_Amt' +' $fine') WHERE 'Member_id' = '$mem_id'”); not getting executed SQL syntax error Maria DB server Mysqli_query Not able to run create sql command with mysqli_query php SQL Syntax Error when executing mysqli_query
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM